Authentication management method, information processing apparatus, wearable device, and computer program

ABSTRACT

An authentication management method executed in a plurality of apparatuses cooperating each other communicably connecting, to allow reception of instruction by a user, a first information processing apparatus which performs authentication that the user is a predetermined person and a second information processing apparatus which is worn by the user, in a case where the user wearing the second information processing apparatus has been identified, by the second information processing apparatus, to be the predetermined person, identifying, by the second information processing apparatus, whether or not the first information processing apparatus and the second information processing apparatus are associated with each other as a plurality of apparatuses which perform cooperative processing.

This application is a continuation of application Ser. No. 15/511,919filed Mar. 16, 2017, now pending, which is a § 371 national stageapplication of International Application No. PCT/JP2015/005696 filedNov. 16, 2015; and claims priority under 35 U.S.C. § 119 to JapanApplication No. 2014-234363 filed in Japan on Nov. 19, 2014; and thecontents of all of which are incorporated herein by reference as if setforth in full.

TECHNICAL FIELD

The present disclosure relates to an authentication management methodwhich relieves load of operation for authentication performed by a userby cooperating with a wearable device held by the user.

BACKGROUND ART

In recent years, various wearable devices have been released. Thewearable device is a type of a computer used by a user with the wearabledevice on. The wearable device is effective as a device which notifiesinformation to the user. For example, as to an eyeglass-type wearabledevice, when incoming call is detected, an icon etc. is overlappinglydisplayed on actual scenery which is visually recognized through theglass part to notify the incoming call. On the other hand, the wearabledevice is not suitable for complicated operations. Thereby, in manycases, the wearable device is used in combination with portableinformation terminals such as smart phones, cell phones, tablet PCswhich can easily handle the complicated operation.

It is general that a security lock (hereinafter referred to as “lock”)is set on the portable information terminal to authenticate a userbefore operation. Similar to this, when the wearable device is used, theuser is authenticated. For example, the eyeglass-type wearable deviceperforms biometrics authentication, through which, the user isauthenticated by means of his eyes. For example, in an eyeglass-typeuser terminal device disclosed in Patent Literature 1, authentication isperformed based on image information of the user's eye. Also, in aneyeglass-type interface device disclosed in Patent Literature 2, theimage of the retina of an eyeball of a user is photographed andauthentication is performed in accordance with the result. In aneyeglass-type image display device disclosed in Patent Literature 3, theimage of the eye of the user is photographed and iris authentication forthe user is performed.

CITATION LIST Patent Literature

PTL 1: Japanese Patent Application Laid-open No. 2012-008746

PTL 2: Japanese Patent Application Laid-open No. 2005-352024

PTL 3: Japanese Patent Application Laid-open No. 2007-003745

SUMMARY OF INVENTION Technical Problem

In a case where it is necessary to perform user authentication operationfor each of the portable information terminal and the wearable device, aplurality of authentication operations are required for the user, whichis cumbersome. The main object of the present invention is to proposetechnology which relieves load of operation performed by a userassociating to the authentication when using a plurality of devices incombination.

Solution to Problem

According to the present disclosure, an authentication management methodexecuted in a plurality of apparatuses cooperating each other comprises:communicably connecting, to allow reception of instruction by a user, afirst information processing apparatus which performs authenticationthat the user is a predetermined person and a second informationprocessing apparatus which is worn by the user; in a case where the userwearing the second information processing apparatus has been identified,by the second information processing apparatus, to be the predeterminedperson, identifying, by the second information processing apparatus,whether or not the first information processing apparatus and the secondinformation processing apparatus are associated with each other as aplurality of apparatuses which perform cooperative processing; in a casewhere the second information processing apparatus determines that thefirst information processing apparatus and the second informationprocessing apparatus are associated with each other as a plurality ofapparatuses which perform cooperative processing, performing,transmitting, by the second information processing apparatus, anidentification result to the first information processing apparatus; andperforming processing, by the first information processing apparatushaving received the identification result, to reduce the number ofoperations performed by the user for the authentication.

Advantageous Effects of Invention

According to the present invention, it is possible to reduce load ofoperation performed by the user associating to the authentication byidentifying the association with a first information processingapparatus using a second information processing apparatus which is inuse by the user when using a plurality of devices in combination.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a hardware configuration diagram of information processingsystem.

FIG. 2 is an example of video viewed through an eyeglass-type device.

FIG. 3 is a function configuration diagram of information processingsystem in a first example.

FIG. 4A is a diagram explaining procedure of the authenticationmanagement method in the first example.

FIG. 4B is a diagram explaining procedure of the authenticationmanagement method in the first example.

FIG. 5 is an example of a screen displayed on smartphone in the firstexample.

FIG. 6A is a diagram illustrating videos viewed through theeyeglass-type device.

FIG. 6B is a diagram illustrating videos viewed through theeyeglass-type device.

FIG. 7 is a diagram illustrating cooperative device DB.

FIG. 8A is a diagram explaining procedure at the time of cooperativeprocessing.

FIG. 8B is a diagram explaining procedure at the time of cooperativeprocessing.

FIG. 9 is an example of a screen of a smartphone at the time ofcooperative processing.

FIG. 10A is a diagrams explaining the operation of a smartphone.

FIG. 10B is a diagrams explaining the operation of a smartphone.

FIG. 10C is a diagrams explaining the operation of a smartphone.

FIG. 11A is a diagram explaining procedure of the authenticationmanagement method in a second example.

FIG. 11B is a diagram explaining procedure of the authenticationmanagement method in a second example.

FIG. 12 is an example of a screen of smartphone according to the secondexample.

FIG. 13A is a diagram illustrating videos viewed through theeyeglass-type device.

FIG. 13B is a diagram illustrating videos viewed through theeyeglass-type device.

FIG. 14A is a diagram explaining procedure of the authenticationmanagement method according to a third example.

FIG. 14B is a diagram explaining procedure of the authenticationmanagement method according to a third example.

FIG. 15A is a diagram explaining the operation of a smartphone.

FIG. 15B is a diagram explaining the operation of a smartphone.

FIG. 16 is an example of video viewed through the eyeglass-type devicein a fourth example.

FIG. 17 is a diagram illustrating the eyeglass-type device and lockingdevice.

DESCRIPTION OF EMBODIMENTS

In the following, embodiments of the present invention are described. Adescription is given here with regard to an information processingsystem (hereinafter, “present system”). FIG. 1 is a hardwareconfiguration diagram of the present system. In the present system 100,a first information processing apparatus 101 and a second informationprocessing apparatus 102 are communicably connected with each otherthrough a network 103. The first information processing apparatus 101is, for example, a portable information terminal, including smartphone,cell phone, tablet PC, etc. The second information processing apparatus102 is, for example, the eyeglass-type wearable device as mentioned.

The first information processing apparatus 101 is a computer comprisinga central processing unit (CPU) 104, a display device 105, an input andoutput I/F (interface: the same applies hereinafter) 106, a read onlymemory (ROM) 107, a random access memory (RAM) 108, a communication I/F109. These components 104 to 109 perform data exchange through a bus110. The CPU 104 performs the control of the whole apparatus byexecuting a first computer program of the present invention. It meansthat the first computer program is to operate the computer including theCPU 104 as the first information processing apparatus 101. The displaydevice 105 is, for example, a touch panel display. The display device105 functions as both a display unit and an input unit. Through thecontrol of the CPU 104, various images are displayed at portions whereallows an external camera to photograph the images. In this case, thedisplay device functions as the display unit. In a case where anoperation from a user is received, the display device functions as theinput unit. The input and output I/F 106 is an I/F which controls inputand output of data to and from an external storage device and anout-camera (a digital camera mounted on a back surface of the apparatus,i.e., mounted on a surface which is backside of the display device 105).The ROM 107 is a non-rewritable storage medium, in which program forstarting up the CPU 104 etc. is stored. The RAM 108 is a volatilerewritable storage medium which is used as work area of the CPU 104. Thecommunication I/F 109 is an I/F for establishing communication withexternal device including the second information processing apparatus102.

The second information processing apparatus 102 is a computer comprisinga CPU 111, a display device 112, an input and output I/F 113, a ROM 114,a RAM 115, a communication I/F 116. These components 111 to 116 performdata exchange through a bus 117. The display device 112 is a displayconfigured in an eyeglass-type, which displays information in a displayarea where the user can visually recognize. In the present embodiment, alight transmission-type display is employed, through which, the actualscenery behind the display is visually recognized. Also, with the lighttransmission type display, various images displayed on the display areoverlapping displayed in a foreground with the actual scenery as abackground. It is noted that the display device 112 is not limited tothe light transmission type display. For example, the actual sceneryphotographed by a camera separately set may be overlapped with variousimages. Then, the resultant video may be displayed on a non-transmissiontype display. Other components 111, and 113 to 116 are almost similar tothose described with regard to the first information processingapparatus 101. The components, however, are assembled in aneyeglass-type wearable device entirely. It is noted that the secondinformation processing apparatus 102 is not limited to the eyeglass-typedevice but it is possible to use a helmet-type device which is used asit is called head mount display. The network 103 connects the firstinformation processing apparatus 101 and the second informationprocessing apparatus 102 and transfers and receives informationtherebetween. However, the network 103 is not limited to this kind. Inthe following description, the network 103 is assumed to be anautonomous distributed wireless network.

In the present system 100, it is assumed that the first informationprocessing apparatus 101 operated by the user and the second informationprocessing apparatus 102 held by the user perform a cooperativeoperation. For example, suppose that there was an incoming call to thefirst information processing apparatus 101 through the communication I/F109. Then, in the present system 100, the incoming call can be notifiedto the user through the display area of the display device 112 of thesecond information processing apparatus 102. FIG. 2 shows a video 201,which is viewed by the user through the display device 112. Here, anexample of overlappingly displaying a notification icon 203, indicatingthe incoming call, on a visual field (screen) where can view actualscenery, is shown. The notification icon 203 is overlappingly displayedon the video 201 by computer graphics (CG). With a use of a half mirroror a use of known technology such as direct projection of a luminousflux on the retina, the overlapping display of the notification icon 203on the video 201 is easily achieved. For example, the actual scenery 202is made to be visually recognized through the half mirror and then, CGis overlappingly displayed thereon. In this case, even in the case wherethe second information processing apparatus 102 is only outputting thenotification icon 203 to the display device 112, it is possible to showthe video 201 to the user.

FIG. 3 is a functional configuration diagram of the present system 100.When the CPU 10 executes the first computer program of the presentinvention, the first information processing apparatus 101 causes thecomputer including the CPU 104 to function as a first authenticationsection 301, an authentication type switching section 302, a secondauthentication section 303, and an identification result receivingsection 304. The two authentication sections 301 and 303 performsauthentication respectively before the user operates its own apparatusby one of a plurality of authentication types having different loads ofoperation performed by the user. It is noted that the magnitude of aload of an operation corresponds to the number of steps required for theoperation.

For example, the first authentication section 301 performs simpleauthentication processing by presence/absence of specific operation bythe user. The specific operation includes, for example, the swipe of theuser's finger in a specific direction. It is possible to omit the user'soperation for authentication by, for example, automatically passing theauthentication processing. The above authentication type is called afirst type authentication. The second authentication unit 303 performsauthentication having larger load of operation performed by the user ascompared to the first type authentication (thereby, secure level ishigh). The above authentication type is called a second typeauthentication. Particularly, to perform the authentication processing,a four-digit number previously registered is matched with a four-digitnumber input by the user. In case of the above example, in the firsttype authentication, “swipe” can be input by running a fingertip on thescreen once. The number of operation step is thus one. On the otherhand, in the second type authentication, to input the four-digit number,the act of touching numerical key and releasing the finger therefrom isrequired at least four times. The number of operation steps is thusfour. Also, in case of the above example, in the second typeauthentication, in addition to the touch operation, sometimes, thefour-digit number needs to additionally be remembered. Therefore,comprehensively, it can be said that the load of the operation of thesecond type authentication is higher than that of the first typeauthentication. It is noted that the magnitude of the loads of theoperation of the first type authentication and the second typeauthentication can be distinguished by, for example, the degree ofdifficulties of question sentence and the large number of questionsentences.

The authentication type switching section 302 determines which one toswitch, the first type authentication or the second type authentication.Based on the identification result received from the second informationprocessing apparatus 102, the authentication type switching section 302switches the method. The second information processing apparatus 102 hasa function to determine whether any device has already been associatedwith the second information processing apparatus 102 or not. The“association” is applied to a device which performs cooperativeprocessing with another device. When the association is identified, theresult is transmitted from the second information processing apparatus102, which is the identification result. This will be described later.The identification result receiving section 304 obtains theidentification result and transmits the result to the authenticationtype switching section 302. This allows omitting the authenticationprocessing as above.

When the CPU 111 executes the second program for control of the presentinvention, the second information processing apparatus 102 causes thecomputer including the CPU 111 to function as a photographing section305, an identification section 306, and an identification resulttransmitting section 307. Assuming that the out-camera is connected tothe input and output I/F 113, the photographing section 305 photographsan identification image displayed on the display of the firstinformation processing apparatus 101. The identification image is a codeimage representing unique information of the first informationprocessing apparatus 101, including, for example, a two-dimensionalcode. The identification image may be an image unique to the firstinformation processing apparatus 101. For example, it may be a user'sselected image arbitrarily selected by the user for authentication. Theunique information includes, for example, a type name of the apparatusmain body, device name, IP (Internet Protocol), telephone number,address, appearance, color, and the like.

The identification section 306 attempts to identify the association withthe first information processing apparatus 101. If it is successfullyidentified, the identification unit 306 outputs the identificationresult. In particular, the identification unit 306 analyzes informationrepresented by the identification image photographed by the imaging unit305. Then, when the information obtained and the unique informationsatisfy predetermined condition, the identification unit 306 outputs theidentification result. The unique information used for theidentification is registered in a cooperative device DB (DB is anabbreviation for data base, the same applies hereinafter) 308 externalto the system. The registered information is read and stored in the RAM115 (storing unit). The predetermined condition is, for example, asfollows: identical information, information of link destination isidentical, features of the images subjected for the comparison match(for example, positions match) or are similar in a certain range. Theidentification result transmission section 307 performs transmissionprocessing to transmit the identification result to the identificationresult receiving section 304 of the first information processing unit101 through the network 103. With the identification result, theauthentication in the first information processing apparatus 101 can beomitted.

EXAMPLE 1

Next, a description is given with regard to an example of anauthentication management method executed in a plurality of apparatusescooperating each other. In the following description, it is assumed thatthe first information processing apparatus 101 is a smartphone and thesecond information processing apparatus is an eyeglass-type wearabledevice (hereinafter referred to as “eyeglass-type device”).

Authentication by Eyeglass-Type Device

When the user starts to use the device, the eyeglass-type deviceauthenticates whether a user is an authorized user or not. For example,when it is detected that the device is mounted to a user's head, theeyeglass-type device photographs the user's iris to determine whetherthe iris photographed matches with the iris of the user previouslyregistered or not. Alternatively, the user's iris may be photographed atevery fixed time interval to determine whether the iris matches with theiris of the user previously registered or not. It is noted that, what isimportant in this example is that the user is using the eyeglass-typedevice when he uses the smartphone. The fact that the device is owned bythe user (mounting the device on his body) means that the device hasalready been authenticated. In a case where the user is conventionallyfixed and it is unlikely that the device is handed to a third person, itis possible to omit the authorization of the user when using theeyeglass-type device.

Association Between Devices

When, for example, the user newly obtains a smartphone and aneyeglass-type device, the association is performed. FIG. 4A shows anassociation processing procedure performed in the smartphone. FIG. 4Bshows an association processing procedure performed in the eyeglass-typedevice. Referring to FIG. 4A, the smartphone generates an apparatus mainbody identification image (S401). It means that the smartphone operatesas an image generating unit. The apparatus main body identificationimage is an identification image used to cause the eyeglass-type deviceto identify apparatus information of the smartphone. The smartphonedisplays the apparatus main body identification image generated on thescreen of the display device (S402). It means that the smartphoneoperates as a display unit. FIG. 5 shows an example of the apparatusmain body identification image. In the example shown in FIG. 5, the codeimage which represents the unique information as mentioned, for example,a two-dimensional code 503, is displayed on a screen 502 of a smartphone501.

Referring to FIG. 4B, the eyeglass-type device photographs the apparatusmain body identification image illustrated in FIG. 5 using theout-camera etc. (S403). At that time, as shown in FIG. 6A, a message602, prompting to bring the smartphone within a visual field, isdisplayed in a video 601 which is viewed through the display device 112.The out-camera is mounted on a backside of the display device 105 sothat when the user is viewing the touch panel display from the front, alens is directed in a direction which is the same as that of the user'sface. It means that, suppose the user views scenery through theeyeglass-type device and photographs the scenery, the image of thescenery can be photographed with the out-camera when the user mounts theeyeglass-type device on and views the touch panel display from front.

The eyeglass-type device obtains the apparatus information of thesmartphone from the photographed image (S404). If the apparatusinformation of the smartphone is successfully decoded from the image(S405: Y), the eyeglass-type device stores (registers) the apparatusinformation in the cooperative device DB 308 (S406). If the decodedidentical apparatus information already exists, the eyeglass-type deviceupdates the information. If the apparatus information is notsuccessfully decoded from the image (S405: N), the glass-type devicedoes not update the cooperative device DB 308 and ends the processing.When the association processing is successfully completed, thesuccessful completion is notified to the user. FIG. 6B shows a situationin which, when apparatus main body identification information(two-dimensional code) 604 displayed on the display screen 603 of thesmartphone is photographed and the association is completed, the user isnotified the completion of the association through a message 605. FIG. 7illustrates one example of the association data stored in thecooperative device DB 308. The association data 701 shown in FIG. 7 isan example in which a device name of the smartphone (SS-1205), as adevice name having associated with the eyeglass-type device, and its IP(189.145.2.45) are associated with each other.

Cooperative Processing Between Devices

FIGS. 8A and 8B are diagrams explaining a cooperative processingprocedure between devices. FIG. 8A is a processing procedure of thesmartphone side. FIG. 8B is a processing procedure of the eyeglass-typedevice side. The contents of these processing procedures will bedescribed in the following with reference to screen examples shown inFIGS. 9 and 10. Referring to FIG. 8A, in response to a user's input ofinstruction to start operation, processing is started. First, thesmartphone receives the identification result for the smartphone itselffrom the eyeglass-type device (S801). If the identification resultrepresenting that its smartphone itself is previously associated withthe eyeglass-type device is obtained (S802: Y), the smartphone performsthe first type authentication. The first type authentication is a methodhaving a small load of operation or capable of omitting user's operation(S803). On the other hand, if the identification result representingthat the smartphone itself is previously associated with theeyeglass-type device is not obtained (S802: N), the smartphone performsthe second type authentication. The second type authentication is amethod having a large load of operation but capable of performing moresecure authentication (S804). In a case where the user instructs tostart the operation using the smartphone, as shown in FIG. 9,information such as the device name or IP may be displayed again on thedisplay screen 902 on the smartphone 901 by the apparatus main bodyidentification image (two-dimensional code) 903. Also, guidance 904,prompting to bring the smartphone into a visual field of the out-cameraof the eyeglass-type device, may be displayed.

Referring to FIG. 8B, in response to receiving the event to start theoperation from the smartphone side through the network 103 etc., theeyeglass-type device starts processing. First, the eyeglass-type devicephotographs the image within a visual field with the out-camera (S805).Then, the eyeglass-type device recognizes whether or not there is anydevice previously associated in the photographed image using theassociation data stored in the cooperative device DB 308 (S806). At thistime, in a case where the information such as the device name or IP isdisplayed on the smartphone side by the apparatus main bodyidentification image (two-dimensional code), the eyeglass-type devicemay recognize this. Also, an outer shape of the smartphone may be storedwhen performing the association.

When the smartphone having the same outer shape as that stored appearswithin the photographed image, the eyeglass-type device may recognizethis. Also, when the type number etc. of the first information apparatusis obtained when performing association, information such as an accurateaspect ratio of the outer shape of the smartphone, position of buttons,color of the body, etc. may be obtained from the information site on acloud, the eyeglass-type device may recognize the device using suchinformation. Then, the eyeglass-type device transmits the identificationresult representing whether the associated smartphone is included in thephotographed image or not to the associated smartphone (S807). Thisprocessing may be repeatedly performed until the associated phone isconfirmed to be included in the photographed image or until a fixed timeelapses from the instruction to start the operation on the smartphoneside is given. Alternatively, the eyeglass-type device may repeatedlyperform the processing at every fixed time interval while it is running.

FIGS. 10A to 10C are diagrams illustrating example at the time ofcooperative operation. It is assumed that the user brings the smartphone1002 into a visual field 1001 of the eyeglass-type device afterinstructing to start operation of the smartphone 1002. Then, theeyeglass-type device photographs an apparatus main body identificationimage (two-dimensional code) 1003. Then, the eyeglass-type deviceanalyzes the apparatus main body identification image photographed. As aresult of the analysis, if the eyeglass-type device identifies that itis a device previously associated (smartphone 1002), the eyeglass-typedevice notifies the identification result to the device (smartphone1002). Then, in accordance with the identification result, thesmartphone 1002 attempts the authentication by the first typeauthentication, which is simple, i.e., by a specific operation (swipe)1004.

On the other hand, in a case where the smartphone 1002 is not broughtinto the visual field 1001 even after an elapse of a fixed time, or in acase where it is identified that it is the smartphone 1002 notassociated, the information is notified to the smartphone 1002 side. Atthis time, the smartphone performs the second type authentication, whichis more secure as compared to the first type authentication. That is,the smartphone attempts to authenticate the user by the 4-digit numberinput 1005. It is noted that even in a case where it is identified thatit is not associated, the specific operation (swipe) 1004, which issimple, may first be prompted for authentication. Then, when the firstauthentication fails, the four-digit number input 1005 may be promptedas the next authentication method. As mentioned, in a case where thedevice is a device previously associated with the eyeglass-type device(smartphone 1002), by bringing the device into the visual field, with asimple authentication method, the lock can be released.

In a case where the user uses the smartphone while he is mounting theeyeglass-type device on, usually, the smartphone is unconsciouslybrought into the visual field of the eyeglass-type device. Thereby, withthe authentication method having a small load of operation, the user canrelease the lock unconsciously. On the other hand, in a case where it isnot possible to identify the smartphone associated within the visualfield of the eyeglass-type device, such as a case where the smartphoneis operated by a third person, the more secure authentication method issuggested. This makes it possible to prevent a situation where thesmartphone is used by an unauthorized user.

It is noted that, in the above, the first type authentication is thespecific operation (swipe) and the second type authentication is the4-digit number input, however, such methods are simple the examples. Forexample, in the first type authentication, no authentication may beperformed and in the second authentication, a user's date of birth maybe input in a manner of “Year: Month: Date” for authentication. In thiscase, by simply bringing the associated smartphone into the visual fieldof the eyeglass-type device, the authentication is released. On theother hand, in a case where the smartphone is used alone or in a casewhere a person other than an authorized user attempts to operate thesmartphone, the authentication to input the user's date of birth will beselected.

EXAMPLE 2

A description has been given in the example 1 with regard to the exampleof switching to the first type authentication or the second typeauthentication after the smartphone receives the identification resultfrom the eyeglass-type device. It is possible, however, to switch to thefirst type authentication according to the identification result aftersuggesting the second type authentication. The example of this case isdescribed in the example 2. FIGS. 11A and 11B are diagrams explaining aprocessing procedure in the second example. FIG. 11A is a processingprocedure of the smartphone side. FIG. 11B is a processing procedure ofthe eyeglass-type device side. FIG. 12 is a diagram explaining theoperation state of the smartphone. In response to an instruction tostart operation by user's pressing down a button 1205 on the smartphone1201 in FIG. 12, for example, the smartphone starts processing in FIG.11A. Referring to FIG. 11A, when the processing is started, thesmartphone displays a second authentication screen 1204 for the secondtype authentication on a display screen 1202 (S1101). Then, thesmartphone receives the identification result for the smartphone itselffrom the eyeglass-type device (S1102). If the identification resultrepresenting that the smartphone used by the user is the one which ispreviously associated with the eyeglass-type device is obtained (S1103:Y), the smartphone switches to the first type authentication, which issimple. On the other hand, if the identification result representingthat the smartphone used by the user is the one which is previouslyassociated with the eyeglass-type device is not obtained (S1103: N), thesmartphone continues the second type authentication, which is secure. Ina case where the second authentication screen is displayed on thesmartphone, as shown in FIG. 12, information such as the device name, IPof the smartphone may be displayed on the display screen 1202 on thesmartphone 1201 by the two-dimensional code 1203.

In response to receiving the event to start the operation on thesmartphone through the network 103 etc., the eyeglass-type device startsprocessing in FIG. 11B. Referring to FIG. 11B, the eyeglass-type devicephotographs the image within the visual field with the out-camera(S1105). Then, the eyeglass-type device recognizes whether the devicepreviously associated is included in the photographed image or not usingthe cooperative device DB 308 etc. (S1106). At this time, in a casewhere the information such as the device name or IP is displayed on thesmartphone side by the two-dimensional code, the eyeglass-type devicemay recognize this. Then, the eyeglass-type device transmits theidentification result representing whether the associated smartphone isincluded in the photographed image photographed by the eyeglass-typedevice or not to the associated smartphone (S1107). The identificationresult transmitted through the step of S1107 is received in the step ofS1102 in FIG. 11A.

The processing procedure of the eyeglass-type device side may repeatedlybe performed until the smartphone associated is confirmed to be includedin the photographed image or until a fixed time elapses from theinstruction to start the operation on the smartphone side is given.Alternatively, the eyeglass-type device may repeatedly perform theprocessing at every fixed time interval while it is running.

FIGS. 13A and 13B are diagrams illustrating an example at the time ofthe cooperative operation. As shown in FIG. 12, when the user decides touse the smartphone 1201 and presses down the button 1205, the secondauthentication screen 1204 and the two-dimensional code for identifyingthe information of the smartphone are displayed. The user does notperform authentication of the smartphone. Instead, as shown in FIG. 13A,the user brings a smartphone 1302 into a visual field 1301 of theeyeglass-type device. The eyeglass-type device identifies atwo-dimensional code 1303 displayed on the smartphone 1302. Then, theeyeglass-type device analyzes the information of the two-dimensionalcode. If it is identified that the smartphone is the one previouslyassociated, the information is transmitted to the smartphone 1302 side.As shown in FIG. 13B, according to the identification result, thesmartphone 1302 side switches to a first type authentication 1304,through which, a simple swipe operation is performed, from the secondtype authentication.

As mentioned, in a case where the smartphone is the one previouslyassociated with the eyeglass-type device, by bringing the smartphonewithin the visual field, with the simple swipe operation, the lock ofthe smartphone can be released. On the other hand, in a case where it isnot possible to identify the smartphone associated within the visualfield of the eyeglass-type device, such as a case where the smartphoneis operated by a third person, the smartphone keeps suggesting theauthentication method by the 4-digit number input. This prevents asituation where the smartphone is used by an unauthorized user. It isnoted that in the example, the second type authentication is the 4-digitnumber input and the first type authentication is the swipe operation,however, the methods are only the examples. For example, in the firsttype authentication, the authentication may not be performed. In thiscase, by simply bringing the smartphone associated into the visual fieldof the eyeglass-type device, the authentication is released.

EXAMPLE 3

Descriptions have been given in the first example and the second examplein a case where the smartphone displays the two-dimensional coderepresenting unique information. However, the image other than thetwo-dimensional code may be used. FIGS. 14A and 14B are diagramsexplaining the processing procedure at this time. FIGS. 15A and 15B arediagrams explaining example of operation at this time. As shown in FIG.15A, when the user decides to use a smartphone 1501 and instructs tostart operation by pressing down a button 1503 on the smartphone, forexample, the smartphone 1501 starts processing in FIG. 14A. When theprocessing is started, the smartphone 1501 generates image data 1502,which is unique and transmits the data to the eyeglass-type devicethrough the network 103 (S1401). The smartphone displays the image dataon the smartphone (S1402) and receives the identification result fromthe eyeglass-type device (S1403). In a case where the eyeglass-typedevice successfully identifies the smartphone (S1404: Y), the smartphoneperforms the first type authentication (S1405). In a case where theeyeglass-type device fails to identify the smartphone (S1404: N), thesmartphone performs the second type authentication which is more secureas compared to the first type authentication.

In response to receiving the event to start the operation on thesmartphone 1501 through the network 103 etc., the eyeglass-type devicestarts processing in FIG. 14B. When the processing is started, theeyeglass-type device receives the image data transmitted from thesmartphone 1501 through the step of S1401 in FIG. 14A (S1407) andphotographs the image of the visual field with the out-camera of theeyeglass-type device (S1408). Then, the eyeglass-type device determineswhether or not the image data previously received is included in thephotographed image (S1409) and transmits the identification result tothe smartphone 1501 (S1410). The identification result transmittedthrough the step of S1410 is received in the step of S1403 in FIG. 14A.

FIG. 15B is an example of a video 1504 viewed through the eyeglass-typedevice. In a case where the user brings the smartphone into the visualfield and the eyeglass-type device identifies the image data 1502previously received from the smartphone, guidance 1505, for example, maybe displayed, through which, the user is given feedback about therecognition of the associated device.

According to the present example, the smartphone 1501 first transmitsthe image data to the eyeglass-type device, which is cooperativecounterpart, through the network 103. The eyeglass-type deviceidentifies whether or not the image data is included in the photographedimage photographed by the eyeglass-type device. Thereby, the smartphone1501 may employ any image. For example, the image of the user'spreference stored in the smartphone 1501 side may be employed.

EXAMPLE 4

As a variation of the third example, by overlapping the image of thesmartphone on a particular point of the visual field of theeyeglass-type device, the lock of the smartphone may automatically bereleased. FIG. 16 is a diagram explaining example of operation at thistime. In response to receiving the event to start operation on thesmartphone, the eyeglass-type device receives the image data from thesmartphone and overlappingly displays the image 1602 on a video 1601which is viewed through the eyeglass-type device, which is thenpresented to the user. Further, the eyeglass-type device presentsguidance 1603 instructing the user to overlap the image displayed on thesmartphone and the image overlappingly displayed on the video.

Then, when the image on the smartphone is overlapped with the imageoverlappingly displayed, the eyeglass-type device transmits theidentification result that the smartphone has been identified to thesmartphone side. In response to the identification result, thesmartphone changes the authentication method. Through the examplesmentioned so far, in a case where the user presses down the button ofthe smartphone without any intention of releasing the lock, if it iswithin a range of the visual field of the eyeglass-type device, the lockis released by a simple method (or without authentication). Through themethod of the present example, however, two images need to beoverlapped, which prevents a situation in which the lock of thesmartphone is released without user's intention.

EXAMPLE 5

Descriptions have been given in the above examples in a case where, bythe user's pressing down the button on the smartphone, the userinstructs to start operation on the smartphone. However, not limited tothis, the operation may alternatively be started. For example, in a casewhere an acceleration sensor on the smartphone detects motion that it istaken out from a bag, the cooperative operation may be started. Also, ina case where the smartphone detects the event such as incoming call,mail reception, etc., the cooperative operation may be started. Also,the eyeglass-type device may start the cooperative operation. Forexample, in a case where the eyeglass-type device always analyzes theimage within the visual field and in a case where the eyeglass-typedevice recognizes an outer shape of the smartphone within the visualfield, the eyeglass-type device may start the cooperative operation.

EXAMPLE 6

Descriptions have been given so far with regard to the examples in acase where the first information processing apparatus is the smartphoneand the second information processing apparatus is the eyeglass-typedevice. The present invention, however, is not limited to theseexamples. For example, as shown in FIG. 17, the first informationprocessing apparatus may by a locking device for a door, and the secondinformation processing device, in combination with the first informationdevice, may be the eyeglass-type device. FIG. 17 is an example of avideo 1701 which is viewed through the eyeglass-type device. Byidentifying, with the eyeglass-type device, a two-dimensional code 1702displayed on a locking device 1703 for the door etc., if the lockingdevice is the one previously associated, with a simple authenticationact (for example, pulling the door), the lock can be released. On theother hand, if the locking device which is associated cannot beidentified within the visual field of the eyeglass-type device, withmore secure authentication act (for example, unlock using a physicalkey), the lock can be released. It is noted that, the first informationprocessing apparatus is not limited to the locking device for the door.For example, the first information processing apparatus may be lockingdevice for locker, automatic ticket gate, and keyless entry device forautomobile etc.

EXAMPLE 7

It is noted that, in the first example, the user's authenticationprocessing through the eyeglass-type device is not the essentialprocessing. However, the processing which is the feature of the presentinvention may only be operated in a case where the user's authenticationprocessing is performed through the eyeglass-type device. It means thatin a case where the user's authentication processing is not performedthrough the eyeglass-type device (or in a case where the user is notrecognized as the authorized user), the eyeglass-type device can alwaystransmit the notification that it failed to identify the smartphone tothe smartphone. This allows to suppress risk that the smartphone isbeing accessed in a case where the unauthorized user obtains theeyeglass-type device and the smartphone at the same time.

Other Embodiments

Description has been given in each example as above with regard to theexample of switching one of the first type authentication and the secondtype authentication by the authentication type switching section 302,however, there may be more number of the authentication methods. Itmeans that, it may be configured to switch to the authentication methodhaving smaller load of operation when receiving the identificationresult as compared to the load of operation when not receiving theidentification result.

Also, the present invention can be realized in the processing whichsupplies the first computer program and the second computer program asmentioned to the computer through the network 103 or the externalstorage medium, reads and performs each computer program by one or moreCPUs in the computer. The external storage medium includes USB memory,compact disc, DVD, etc. Also, the present invention can be realized by acombination of circuit which realizes one or more functions (forexample, ASIC).

REFERENCE SIGNS LIST

104 CPU

105 display device

106 input and output I/F

107 ROM

108 RAM

109 communication I/F

111 CPU

112 display device

113 input and output I/F

114 ROM

115 RAM

116 communication I/F

301 first authentication section

302 authentication type switching section

303 second authentication section

304 identification result receiving section

305 photographing section

306 identification section

307 identification result transmission section

308 cooperative device DB

The invention claimed is:
 1. An authentication management method bycooperation of apparatuses, comprising: communicably connecting: 1) afirst information processing apparatus which performs authenticationprior to a user operation of the first information processing apparatus,and 2) a second information processing apparatus which is wearable bythe user, attempting, by the second information processing apparatus, todetermine whether the first information processing apparatus and thesecond information processing apparatus are associated with each otheror not, in a case where the second information processing apparatusdetermines that the first information processing apparatus and thesecond information processing apparatus are associated with each other,sending, by the second information processing apparatus, a result ofdetermination to the first information processing apparatus, andperforming, in a case where the second information processing apparatusauthenticates the user, processing for allowing omission of the useroperation for the authentication by the first information processingapparatus which received the result of determination.
 2. Theauthentication management method according to claim 1, wherein the firstinformation processing apparatus is an apparatus which performsauthentication by one of: 3) a first type authentication which allowsomission of the user operation; and 4) a second type authentication,wherein a load of operation performed by the user in the second typeauthentication is larger than that of the first type authentication, andin a case where the result of determination is received from the secondinformation processing apparatus, the first type authentication isperformed, and in a case where the result of determination is notreceived from the second information processing apparatus, the secondtype authentication is performed.
 3. The authentication managementmethod by device cooperation according to claim 1, wherein the firstinformation processing apparatus is a portable information terminalwhich comprises a display and an identification image displaying unitwhich displays an identification image on the display, theidentification image is used for identification of the first informationprocessing apparatus itself, and wherein the second informationprocessing apparatus is a wearable device which photographs theidentification image and transmits the identification result to theportable information terminal in a case where the identification imagephotographed satisfies predetermined condition.
 4. The authenticationmanagement method performed by cooperation of apparatuses according toclaim 3, wherein the identification image is a code image representingunique information of the portable information terminal, and wherein thewearable device photographs the code image and analyzes uniqueinformation represented by the code image photographed and transmits theidentification result from the wearable device to the portableinformation terminal in a case where the unique information obtained bythe analysis and information previously registered satisfy predeterminedcondition.
 5. The authentication management method performed bycooperation of apparatuses according to claim 4, wherein the wearabledevice is an eyeglass-type device which displays information in adisplay area where the user can visually recognize, wherein theidentification image is a user selection image which is selected by theuser, wherein the portable information terminal displays the userselection image on the display and transmits information representingthe user selection image to the eyeglass-type device, and wherein theeyeglass-type device having received the user selection image transmitsthe identification information to the portable information terminal in acase where the received user selection image matches with the userselection image displayed in the displayed area.
 6. An informationprocessing apparatus communicably connected with a wearable device whichis worn by a user, comprising: an identification result receiving unitconfigured to obtain a determination result from the wearable deviceworn by the user, the determination result representing that theinformation processing apparatus and the wearable device are associatedwith each other; and an authentication unit configured to performauthentication prior to a user operation of the information processingapparatus by one of a plurality of authentication methods each havingdifferent load of operation performed by the user; wherein theidentification result receiving unit is configured to omitauthentication by the authentication unit in a case where the wearabledevice authenticates the user and the determination result is obtainedfrom the wearable device.